Github.Com Quic-Go Quic-Go vulnerabilities

CVE-2025-64702 [MEDIUM] CWE-770 quic-go HTTP/3 QPACK Header Expansion DoS quic-go HTTP/3 QPACK Header Expansion DoS ## Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an `http.Header` (used on the `http.Request` and `http.Response`, respectively), while only enforcing lim

CVE-2025-59530 [HIGH] CWE-617 quic-go: Panic occurs when queuing undecryptable packets after handshake completion quic-go: Panic occurs when queuing undecryptable packets after handshake completion ## Summary A misbehaving or malicious server can trigger an assertion in a quic-go client (and crash the process) by sending a premature HANDSHAKE_DONE frame during the handshake. ## Impact A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by trigge

CVE-2025-29785 [HIGH] CWE-248 quic-go Has Panic in Path Probe Loss Recovery Handling quic-go Has Panic in Path Probe Loss Recovery Handling ### Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe pa

CVE-2024-53259 [MEDIUM] CWE-345 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux quic-go affected by an ICMP Packet Too Large Injection Attack on Linux ### Impact An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used `IP_PMTUDISC_DO`, the kernel would then return a "message too large" error on `sendmsg`, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to sma

CVE-2024-22189 [HIGH] CWE-400 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack An attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRE_CONNECTION_ID frame. The attacker can prevent the receiver from sending out (the vast majority of) these RETIRE_CONN

CVE-2023-49295 [MEDIUM] CWE-400 quic-go's path validation mechanism can be exploited to cause denial of service quic-go's path validation mechanism can be exploited to cause denial of service An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by colla

CVE-2023-46239 [HIGH] CWE-248 quic-go vulnerable to pointer dereference that can lead to panic quic-go vulnerable to pointer dereference that can lead to panic quic-go is an implementation of the [QUIC](https://datatracker.ietf.org/doc/html/rfc9000) transport protocol in Go. By serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet numb